journal of network and computer applications · indeed, blockchain also play a superior role for...

Journal of Network and Computer Applications 144 (2019) 59–78

Contents lists available at ScienceDirect

Journal of Network and Computer Applications

journal homepage: www.elsevier.com/locate/jnca

QoS-aware secure transaction framework for internet of things usingblockchain mechanism

Deepsubhra Guha Roy a, Puja Das a, Debashis De a,b,*, Rajkumar Buyya c,d

a Centre of Mobile Cloud Computing, Department of Computer Science and Engineering, West Bengal University of Technology, Presently, Maulana Abul Kalam AzadUniversity of Technology, WB BF-142, Sector-I, Salt Lake City, Kolkata, 700064, West Bengal, Indiab Department of Physics, University of Western Australia, 35 Stirling Hwy, Crawley, WA, 6009, Australiac Cloud Computing and Distributed Systems (CLOUDS) Laboratory, School of Computing and Information Systems, The University of Melbourne, Australiad Manjrasoft Pty Ltd, Melbourne, Australia

A R T I C L E I N F O

Keywords:Internet of thingsMan in the middle attackRisk assessmentRisk recovery blockchainCongestions controlQoS

* Corresponding author. West Bengal UniversityIndia.

E-mail address: [email protected] (D. D

https://doi.org/10.1016/j.jnca.2019.06.014Received 4 September 2018; Received in revised foAvailable online 5 July 20191084-8045/© 2019 Elsevier Ltd. All rights reserved

A B S T R A C T

The Internet of Things (IoT) paradigm enables an enormous network with millions of connected smart things tocontrol almost all aspect of services. In an IoT scenario, self-configured things are dynamically connected in auniversal network. The small things are broadly distributed in a real world model with some essential processingcapacity and finite storage. Security, privacy and reliability are the most important pillars of the IoT infrastruc-ture. It is challenging to share personal data, highly confidential professional data over a centralized system. Theinfrastructure itself is capable to provide the guarantee to transmit data safely. However, a special attention forthe data along with data consistency is required. Cyber attackers and hackers mostly target the centralized sys-tems. To triumph over these types of situations we propose a security based blockchain service along with someencryption approaches for a secure communication. The encryption and decryption is performed by a hash basedsecret key. Risk modelling and relative risk reduction also done to prevent attacks under a virtual private networkin IoT domain. Before and after attack users also wish to know quality of service (QoS). We have developed amobile application framework which provides desire output of a user from different aspect of QoS for betterunderstanding. The MQTT broker performs as a negotiator to convey data between cloud consumer and cloudprovider. In QoS monitoring section user get chance to reconsider availability, reliability and responsibility likeQoS factors while recovering resources and actual resources before attacking system based on CPU utilization,cache status and storage. As per experiment result we able to recover 100% RAM, 97.64% CPU utilization and78.7% storage using proposed encryption and algorithm on blockchain infrastructure.

1. Introduction

Internet of Things (IoT) is a worldwide interrelated network of objectsand human beings through which individual addressing structures(Andersen et al., 2017) are capable to connect from one to all. Usingdigital and IoT based facilities create the huge amount of data which isincreasing rapidly. The principal purpose of IoT is to broadcast infor-mation of objects, which reflects the fabrication, consumption, trans-portation along with each and every detail of public life. Use of IoTinterface and implementation make the surrounding environment muchbetter perceptive (Pavithra and Balakrishnan, 2015). Till this date,centralized systems are handling and responsible to take of a hugeamount of personal and sensitive information for both public and private

of Technology, Computer Science

e).

rm 31 May 2019; Accepted 27 J

.

domain. However as an individual person has no control over the datastored about them self and not even they have any clue of it's used. Inthese years, media covered and publish controversial cases related toprivacy and security issues and loss of confidential data over public andprivate data repository (Yang et al., 2018; Zyskind and Nathan, 2015). Intoday's world IoT is a tool which is possibly applied on every non-livingobject; that is why it is also known as “Internet of Everything”. IoT is usedas a tool or service for betterment of our daily life; while cybercriminalsalso get opportunity to engage in cybercrime (Roman et al., 2013). Forexample, 51% attackers or hackers try to take control of these centralizedsystem mechanism, using the same technology base. Various type of at-tacks like man in themiddle, data tempering, backdoor attack are appliedand get intact control of the entire system. Because of this security issues

and Engineering, B.F.-142, Sector-I, Salt Lake, Kolkata, 700064, West Bengal,

une 2019

mailto:[email protected]

http://crossmark.crossref.org/dialog/?doi=10.1016/j.jnca.2019.06.014&domain=pdf

www.sciencedirect.com/science/journal/10848045

www.elsevier.com/locate/jnca

https://doi.org/10.1016/j.jnca.2019.06.014



D. Guha Roy et al. Journal of Network and Computer Applications 144 (2019) 59–78

IoT unable to get its actual popularity. But to overcome all this third partyimmersion issues blockchain has introduced (Roman et al., 2013)(Arunkumar et al., 2017).

Blockchain is approximately gets revolutionary outcome for priori-tized insecurity of decentralized, distributed, authentic, cryptography,immutability like provenances. It uses in finance, governance, intelli-gence and health along with for content transfer networks, smart grid andsmart agriculture systems (Aslam et al., 2017) (Veres and Boda, 2000).Blockchain has the capability to improve every insecure digital system.Blockchain successfully avoid man in the middle attack, backdoor attackwith data reliability and digital personalities to permit IoT data trans-parency. Indeed, blockchain also play a superior role for privacy, avail-ability and reliability, to improve flexibility and inspecting. For it'sfeatures it can solve traditional database synchronization problem. Theblockchain technology comes with six key elements (Ferrag et al., 2018).

� Decentralized: It is the main feature of blockchain, which define,record, store and update each data in distributed way with peer topeer advantage; therefore no centralized node anymore.

� Transparent: Recording data in blockchain system is transparent foreach node, it also maintain the transparency on update the data; thatis why blockchain is trusted.

� Autonomy: Using consensus, each and every single node present onthe blockchain be able to handover or modify data securely. Thenotion is establish a trust-based system form one to all. Therefore thesystem is secure.

� Immutable: In blockchain every published data will be kept forendlessly, until and unless someone can take in charge or controlmore than 51% node in the unchanged time.

� Open Source:Maximum case blockchain scheme is open to everyone,record can be validated publicly even if someone want to create anyapplication as per requirement; they can do it effortlessly.

� Anonymity: Blockchain technology resolves the trust problem be-tween nodes, so data handover or even contract can be nameless, onlyperson's blockchain address is needed.

Mostly in the block, it holds main data, hash of present block, andhash of preceding block, timestamp and data information. Fig. 1 showsthe organisation of blocks into a continuously growing blockchain.

� Main data: Define what service request is made by the blockchainapplicant, like business deal records, bank payment records, agree-ment records or IoT statistics record.

Fig. 1. Traditional blo

60

In our framework based case study some IoT related real time datahave been in consideration.

� Hash: When a transaction is implemented, it had been hashed to aprogramme before broadcast to every other node. Because, a blockcan contain thousands of transaction records, to generate a final hashvalue blockchain use merkle tree function that is root of merkle tree.This last hash contain block header with hash of current block. Usingmerkle tree function, data diffusion and computing resources can beextremely minimized.

� Timestamp: When block or node is generated, blockchain countsthose time spans as timestamp.

� Supplementary Information: It may be signature of the block,value, or some data defined by the user.

2. Related work

Risk identification, analysis and modelling of risks are mainly focusedin IoT services (Gai et al., 2018). The risk modelling is the primaryobjective of the work, and for that, some notable works on the riskidentification and relative risk reduction are mentioned. In (Gramoli,2017; Lazarenko and Avdoshin, 2018) some IoT challenges like denial ofservice (DoS), eavesdropping, and physical damages related issues havebeen raised by the researchers. It also shows some interesting properties,strength and weakness of the IoT platform but no solution is provided forthose challenges so far. However blockchain can be the adaptive solutionof IoT relies machine-to-machine communication; it can provide con-nectivity for anyone at any time in secure manner. The generic archi-tecture of IoT, distinguishing features, challenges associated with thedevelopment of IoT and applications of the IoT are briefly described in(Mingxiao et al., 2017; Peterson et al., 2016). In future, IoT will createmassive networks of more than a trillions of “Things”, communicatingwith each other. Communication faces developmental, hardware, tech-nical, privacy and security interrelated challenges (Lee and Lee, 2017).All of these difficulties are described in brief in section 4. The scope of theIoT in the modern world followed by brief description of related issues ispresent in (Kshetri, 2017). IoT characteristics, some of the technical andapplication oriented challenges which can be addressed by blockchainsolution are also identified in this paper. IoT applications focus onsensing the environment, interaction and providing the information tothe users (Zhang and Wen, 2017; Choi et al., 2016; Lee et al., 2016). Anoverview of key challenges and opportunities presented by this newtechnology are illustrated in (Ali et al., 2015) (Roy et al., 2016). Table 1highlights various challenges regarding IoT data transfer and computa-tion with possible solution using blockchain.

ckchain structure.

Table 1Challenges related to IoT service model with blockchain oriented solution.

Dispute Justification Prospective BlockchainSolution

RobustConnectivity

Challenging issue to connectexponentially increasingnumber of IoT nodes. Eachnode is vulnerable in naturedue to various attacks likedenial-of-service, remotehijacking, data stole, hacking.

Smart device-to-deviceconnectivity. Identify eachdevice with verification toguarantee that the originatoronly can send and definitedestined device only can listento the message.

EfficientArchitecture

Faces bottle neck problem aseach IoT block consists ofsome point of failure, makesthe intact network disrupt.

No more centralizedmanagement; Smart contractupdate formulae to ensureautomatic secure execution.

Time ConstraintandAvailability

Cloud server down due torecovery from cyber-attack,unnecessary increased ofresponse time while managingdata security.

Remove single point failure.Distributed data holding andcomputation.

Security andDataProtection

Information hacking andmanipulation of data canresponsible for entire IoToperation.

Distributed data store tohandle chain reaction ofharmful malicious attack.Interlock provision: Systemrejection if single appliance'sblockchain update isbreached.


Security and data privacy remain the major issues for the IoT service(Lin and Liao, 2017). Extensive researches have been achieved towardsthe development of IoT service. Some IoT communication protocols andcross-layer mechanisms has been proposed in (Clifton et al., 2004). IoTsecurity challenges and their solution have been briefly discussed andeight different categories are identified (Abie and Balasingham, 2012).They raised some open issues for the future research in this domain. It isshowing that conventional cryptography is not completely apposite forthe IoT systems, because of limited storage and computational space. Anencrypted query processing system for IoT also has proposed with inbuiltefficient database query processor in (Roy et al., 2018). In a newapproach in query processing to reduce latency for IoT services has beenproposed. A light weight encryption algorithm for home automation hasbeen discussed in (Walker et al., 2005), based on identity-basedencryption (IBE) technique. It is the combination of Diffie-Hellman Al-gorithm and IBE. This technique is known as Phong, Mtsuka and Ogata'sstateful IBE scheme. Four distinct type of IoT devices attacks: software,physical, network and encryption has been identified in (Cai et al., 2014).A unique IoT heterogeneous identity-based authentication technique forIoT devices has been illustrated in (Kim et al., 2017). A dynamic riskassessment technique for the IoT has been proposed in (Makhdoom et al.,2019), which is inspired by the artificial immune system. A conceptualrisk management framework in the domain smart working environmenthas been illustrated in (Huh et al., 2017). An illustrated risk assessmentframework for cloud service eco-system has been proposed in (Zhanget al., 2018). Four risk categories, namely general, technical, policy andlegal risks and risk assessment model are the main contribution of thearticle (Makhdoom et al., 2019). Some empirical risk analyses for homeautomation system are illustrated in (Lin et al., 2018). Someproduct-based and scenario-based approaches are briefly described in

Table 2Risk identification according to various layers.

Layer Natural disaster Malware MIMA BACKDOORA Bugs

Perception Layer ✓ ✓ ✓ X ✓

Network Layer X X ✓ X XMiddleware Layer X X ✓ X XApplication Layer X X ✓ X XBusiness Layer ✓ ✓ ✓ ✓ ✓

MIMA- Man in the Middle Attack.BACKDOORA-Distributed Denial of Service Attack.

61

(Kim et al., 2017; Huh et al., 2017). The use of blockchain in fog and edgecomputing is proposed in (Tuli et al., 2019). The risk modelling, riskanalysis of IoT services and the associated risks to a particular layer of IoTare figured out in this article. In Table 2, a comparative study is shownwith the existing approaches. The article therefore proposes a risk anal-ysis based secure IoT solution with the help of blockchain.

3. Contribution of proposed work

We are living in a digital world and this digital interfaces support tomake smart life style (Gai et al., 2018; Gramoli, 2017; Lazarenko andAvdoshin, 2018). IoT plays a significant role to make this kind of digitalworld. In IoT platform every objects are connected with each other's andform a huge communicated network (Mingxiao et al., 2017). In this in-tegrated network data can be availed publicly after published to reach tothe destination node. These published data become attractive for hackeror intruder although this data are quite personal and sensitive. Toovercome this mishap we develop a secure solution using blockchain.The contributions are of the proposed methodology are as follows:

i. Proposed algorithm offers end to end safety of transaction usingblockchain.

ii. Slow transmission rate issue of blockchain is reduced in thisproposed framework.

iii. For secure transaction, trust based calculation is done afterchoosing a network path.

iv. We provide different case studies along with correspondingproblem and it's solutions.

v. Various attacks are fabricated through emulation using Kali Linuxtools for experimental purpose.

vi. We also provide android based QoS aware monitoring interface tocontrol the network.

4. Risk observation in iot and case wise solution platform

IoT have different functionalities and some dependability asmentioned earlier. In this section, some risks of IoT environment haveillustrated with case studies and therefore we can easily point outblockchain benefit.

4.1. Case 1: man-in-the-middle attack

Problem 1: Till date HTTPS and TLS are used for secure encryptedcommunications for public key infrastructure (PKI) and certificate au-thorities (CA). Every member has an asymmetric key pair having private/public and the private key is kept by them where public key is publiclyavailable. When a user desires to launch a secure connection, they takeoff their public key from the broker's source and encode data beforesending it, knowing, it can only be decrypted by the receiver becausereceiver have the private key. So the entire secure connection and systemintegrity depends upon the principal broker and owner of public keys.For a condition if broker goes down then communications will be un-successful. If the system will compromised for some reason thencommunication system will disrupt. Then attacker is able to accomplish

Poor CPU utilization Bottleneck in data transfer Loos of backup Virus

X ✓ X ✓

X ✓ X XX ✓ X XX ✓ X X✓ X ✓ ✓

Fig. 4. Backdoor attack during transmitting data without blockchain


man-in-the-middle attack by providing users a fake key pair and there-fore they can able to decrypt sensitive data (Arunkumar et al., 2017).

Solution 1: On the other hand, blockchain is an approach that makesMan in the Middle attacks almost impossible. At the time user announcethe public key on the blockchain platform, the data will be circulatedover thousands and billions of nodes or blocks, and sender store the linkto previous blocks. It will be difficult for hackers to avoid the cryptog-raphy that creates the blockchain immutable. So, not a single node willstrictly compromise their keys. Fig. 2 is showing possible man in themiddle attack during data transmission from sender side to receiver sideand Fig. 3 is showing blockchain based recovery from man-in-the middleattack.

based security.

Fig. 5. Recovery of backdoor attack and transmitting data.

4.2. Case 2: backdoor attack

Problem 2: Backdoor attack is one of the tricky attacks to identify. It isan effortless process to inject malware or virus into the network. Some-time this virus affected module is behaved as backdoor; that means thisinitial module is exploit as a platform for downloading and design theactual attack. For example, when software is developed, some loop holeis created for testing and checking purpose; but this is also a way ofbackdoor attack if this loop holes are not permanently removed from thatspecific software. This scenario is depicts in Fig. 4.

Solution 2: Backdoors can be very difficult to detect, and the detectionmethod also varies considerably depending on the computer's operatingsystem. Here we apply block chain that is able to improve system securityand trust this is shown in Fig. 5.

Backdoor attack scenario is basically to make a backdoor channel toenter into a target machine without knowing it's owner. The attacker sidesends some shell script programming as payload which are able to openparticular port of target machine which can be used by the attacker infuture, on demand. In our proposed framework the connected IoT sensornodes are using trendy MQTT protocol to transfer data from sender nodeto receiver. MQTT protocol only accept some meticulous message toresponse in order to data transaction. The blockchain framework checkseach request carefully and if it is found that the coming request is anykind of script or malware payload then the lightning network mechanismimmediately ignore to mining that coming block. Only message and it'shash blocks are allowed to mine the block into network for IoT data

Fig. 2. Man in the middle attack during transmitting data from sender side toreceiver side.

Fig. 3. Man in the middle attack recovery using blockchain while trans-mitting data.

62

transaction. Thus the backdoor attack is prevented using blockchainlightning network into our proposed framework.

Table 2 identifying common risks according to various transactionlayers. IoT platform is completely a request/reply progression dependingupon the data collected from the real time environment (Roy et al., 2018;Walker et al., 2005; Cai et al., 2014). Thus unavailability of certain datacan stop continuous IoT service execution, which can curtail the speed ofthe computing service and make the service unavailable.

Therefore, in this article particularly man-in-the-middle attack andbackdoor attack have focused; both of which causes data loss at the endof the transaction (Zhang and Wen, 2017; Makhdoom et al., 2019).Natural disaster can happen anywhere around the globe that makes theservice unavailable. There are several pseudo cloud provider, or mali-cious insider are present within the cloud platform. Cloud malware isinjected into the SQL codes as well as into the transmitted data, whichresult is service failure. Man in the middle attack is one of the causes thatlead to IoT service failure (Zyskind and Nathan, 2015). Distributed denialof service (DoS) attack makes all the resources unavailable for the users.CPU utilization and I/O processing are two important system perfor-mance guidelines. The downward performance of any parameter canhamper desired IoT services. Meanwhile, loss of backup from any datacentre is alarming and top of that, the IoT service is fell into a dangerousposition. Some service providers have false licenses and intend to harmusers’ security and information should be recognized.

5. Proposed approach

Blockchain has numerous advantages: cryptography, immutability,provenance, decentralized, computing infrastructure responsive, decen-tralized transaction-processing platform, decentralized database, sharedand distributed accounting ledger, software development platform, cloudcomputing, peer-to-peer network etc. over centralized system. Thisarticle considers blockchain to develop a complete secure parallelnetwork for IoT network. Proposed architecture is divided into threemajor UC sections called public Network, cloud Network, enterprise orparallel network.


5.1. Public network

In a public network domain, different types of users like adminis-trator, developer, operator, and auditor and lastly business users exist.User data of public network are directly transferred to the edge device orservers. This edge servers include service capabilities, need to deliverfunction and content to the users via the internet and responsible fordomain name system (DNS), content delivery network (CDN), firewalland load balancing.

5.2. Cloud network

Proposed cloud network is enriched of blockchain and its application.Here we apply blockchain application which is able to handle all otherconsecutive applications by taking required information form APImanger along with web application and runs into the end user device.Then it directly connects to the API manager and later to the edge server.API manager is responsible to manage blockchain platform. Blockchainplatform is built with some high level components like consensus, ledger,membership function, traction, event distribution, communication

Fig. 6. Proposed architecture-for providing a sec

Fig. 7. A secure platform for fast an

63

protocol, crypto currency, secure runtime environment etc. These ser-vices are designed with the concern for developing secure and robustcommunication system. These fundamental services therefore applied ingovernance procedure. Each policy includes different aspects of securitymentoring and intelligence for systemmonitoring, log analytics for threatdetection and avoidance provides a secure smart IoT based service. Allthese applications are managed by system manager which is also con-nected to the network level, able to design well maintained serviceplatform. Collected data is transferred to the last level via bridge 2 that istransformation and connectivity level. Transformation and connectivitycomponent enables secure connectivity to the enterprise or other parallelsystems. Fig. 6 represents the proposed blockchain based architecturewith QoS level security solution. The system is trained to detect attacks,classified the attack and does possible recovery of the duped data afterattack, that is shown in Fig. 7.

5.3. Enterprise or parallel network

The enterprise application could be legacy application whom theblockchain application interacts with. Enterprise data include

ure, optimized, QoS analysis based solution.

d no involvement of third party.


transactional, application or log data enterprise directory are there intothe wireless network to support secure access of the enterprise. Among allothers limitations of blockchain, slow data transfer rate is the biggestproblem due to slow decision making process by the network manager.To solve this difficulty, here we introduce parallel network for enterpriseor data sorting based organizations. This network will select the smallestpath with nominal network concession to speed up the overall process.

6. Working procedure

Blockchain is the best tool to make the network secure. Many de-velopers, entrepreneurs and start-ups who are acting as a connector be-tween the administrator and users are able to build platform that caneasily disrupt the web's current centralization architecture successfully.Here is just a way to develop application that removes the need of thirdparty monopolies. This proposed work is divides into three major sec-tions; encryption using blockchain, QoS analysis and decryption. Ourproposed framework is useful for upcoming industry called industry 4.0(Yang et al., 2018).

6.1. Encryption

Proposed algorithm prevents the man in the middle attack of IoTservice through this encryption phase. The Algorithm 1 is used to encryptthe sensor data which is published by the sensor during the communi-cation period.

Algorithm 1Encryption Algorithm.

RightShift (char, no) is the function in which any given character isconverted to the ASCII value then right shift it by some numbers “no”. Forexample, if we perform (MICRO, 3) then it will give us PLFUR. After

64

taking the character, it will convert to the ASCII value of that characterand then shift. In the example, 3-bit right shifting is performed.

6.2. Blockchain to ensure security during transaction

After encryption is done this encrypted application is transferred tothe blockchain. It follows distributed and decentralized data structurewhich creates a digital ledger of transactions (DLT) and shares it betweendisseminated networks.

These blocks of encrypted data are connected with each other's tomake an extremely secured distributed database, which is noticeable tothe administrator as well as users, except hackers. The database createdby numerous people altogether but cannot be altered or updated by anydistinct user. This is remove all the probabilities of fraud or third-partyparticipation like man in the middle attack, backdoor attack etc.

With more precisely when a digital transaction is demanded bysender, it is kept in a cryptographically secure block and sent todistributed network, which is also known as the peer-to-peer (P2P)network. This P2P system runs various algorithms to estimate, authen-ticate and validate the suggested transaction.

If a bulk of nodes agree with a particular transaction and then definetransaction as valid— that is, identifying info competitions the blockchain's history— then new operation will be permitted and a new blockwill be added to the chain else the block is rejected. After the transactionis recorded in the block, it is visible to every viewers though cannot bemodified. Each individual block, belongs to a chain is connected to the

previous and next block which creates it difficult to track a separate re-cord. In order to intrude the security system, the hacker would need tohack each single block contains record that is interconnected altogether,

Fig. 8. A secure and step by step details description along with Advantage of blockchain environment.


which is nearly impossible and transaction occurs successfully. Fig. 8depicts the detailed scenario of secure transaction using blockchain.

6.2.1. Adding data to the blockchainBasic occurrences of block adding into the blockchain are shown into

Fig. 8. In the proposed framework, similarly as bitcoin, a block is joinedto the blockchain after a time interval. With the help of PoW function, thedifficulty regarding time interval for bitcoin has resolved. Inspiring frombitcoin, our proposed network also defines a steady interval to add a newblock, named as block period. The network goes through total fourdifferent stages of action in this block period. Initially, the transactionphase of circulation starts at timeTυ, transactions are directed accordingto that called miner_block. This first phase lasts untilTγ ; then may theminer node starts rejecting new connections to form the block. In (Laz-arenko and Avdoshin, 2018) the block verification request (BVR) phasereview is transferred after collecting the new block from quarry. Afterverification it returns to the signed block return phase (SBR) (Choi et al.,2016; Lee et al., 2016). After completing the previous phase, the blocksstart to add miner_block to its neighbour blockchain, until it comes to thelast phase, new blockchain distribution (NBD). The below mentionedAlgorithm 2 describes this procedure in supplementary aspect. First start,then elect miner_block with empty set of pending transitions E. Trans-action is started after that. Although it is noted that the miner cannotmine by itself contacts define in next line, where it is accepted from theset of nodes X. The minute of signing the block, to sign at least onetransaction is required for a block. This calculation is publicised in nextline. In last part of the first section, the concept of blockchain is broadcastto the entire network.

65

6.2.2. Block miningMining means add a node or block to the already existing blockchain.

The main aim of the mining is to escape disadvantage of proof of work[PoW] model. In PoW (Mingxiao et al., 2017) computational energy ofnetwork is exhausted without making any essential value. Rather, ourgoal is to meet at system consensus by imposing nodes to deliver proofthat the records of a transaction can be done with profoundly understood.However every demanding node has to authenticate these authorityproofs. This method is defined below to ensure blockchain stability, butalso motivated inter-operability between the blocks in blockchain.

6.2.2.1. Proof of interoperability. Proof of interoperability (PoI) is used toelude some of the shortcomings of proof of work (PoW) model. Specially,it is considered as a controller for the effort necessary to do someessential works like matching the network consensus (Gramoli, 2017): tocheck the reasonable incoming communications with respect to a knownset of semantic and structured constraints. Here, the interoperabilityparameter is the uniform resource locator (URL) account. As definedearlier, conformation of semantic and structured, permitting organisa-tional constraints on attributes like coordinate and categorised alongwith semantic constraints uses change of values. Second part of the al-gorithm 1 describes proposed method in more detail. For transactions, itstarted to check whether account profile is matched with previouslyknown sets of permissible accounts or not, using Check AccountConformance function account is recognized and get conformance. Thisaction will use to make an authorisation call to the server. The outcomeof this method is a response from executed operation that is also checkedfor conformance using Conforms function.


PoI require network consensus in the set of allowed account, inclusiveof the content along with value sets. This consensus reached via pro-gramming. Network agreement is an intelligent human-based method,where the system members exchange and co-operate in term ofterminology.

6.2.2.2. Block Miner Election. In a PoW consequence, miners help toselect right block which will next added to the blockchain. We employthe system using multi chain making procedure. Multi chain hasnumerous advantages. It is able to point out begin of the block period.Who will be the next miner also is known to the previous node, make thetransactions directly. Next, the evenly scattered system need to be keptsteady for conform transaction. Lastly, by removing the competition ofproof of work, we exclude wasted computational work. This completemethod is explained in algorithm 2. In first part of algorithm we havetried to add some blocks in the blockchain for contributing nodes to sign.For signing procedure every node needs to submit a random amount thatwill use for miner election. According to the algorithm, first all randomnumbers are collected along with its hashed function to generate newblock. Then according to closest match with public key next mining isdone. This process prevents a node from producing a non-random figureindividually. The miner election procedure is defined in last section ofAlgorithm 2.

Algorithm 2Applied Working Principle of Blockchain and Block Miner Election

Input:X¼ Set of nodes in networkЕ ¼ Representing a sequence of (e0 … ex) where ex is the present blocks of theblockchain.

Tγ ¼ The completion of the Message Circulation phaseFr ¼A valid set of network agreed URIs.βa ¼ the current block being assembled.βx ¼ The present (last) block on the blockchain,Vt ¼A set of valid transactions.φ¼A randomly elected miner blockStart{Application transfer as encryption algorithm{/*Creating and add a block to the blockchain*/φ ← ElectMinerBlockðβx ;XÞ;Е ← fg;WhileTiðÞ < TγdoForx2 X� fφgdo

Е← Е [ GetTransactionFromBlockðxÞ;βa ← AssambleblockðЕÞ;/* X

0is all block with� 1 transaction*/

X ' ← fx2 Xjð9tcÞ½ 2 Е ^ IsOriginatorðx; tcÞ�g;Forx 2 X 'doSingleBlockðβa;xÞ;

Bc ← AddBlockðB;βaÞFor x 2 XdoDistributeBlockchainðBc;xÞ;

/*Proof of Interoperability*/Vt ← fg;For everytc 2 Еdo

(continued on next column)

66

Algorithm 2 (continued )

U ← ObtainURLðtcÞ;A ← ObtainCorrectAccountðtcÞ;IfA 2 Frthen

/*using Correct URL “Validation” done*/R ← CheckAccountConformationðU;AÞ;IfConformationðRÞthenVt ← Vt [ ftcg;

/*Miner Election*/SR ← ObtainRandomRootðβxÞ;H ← ObtainBlockHashðβxÞ;For everysr 2 SRdoh ← Hashðh þ sr Þ;

φ← wherejObtainPublicKeyðxÞ� hjis nominal for ever block x;End}/*Parallel Optimized and Secure Network*/After verification is completed it go for find optimized path according to algorithum3}After verified application transfer for decrypted by decrypt algorithm}

6.3. Parallel network connectivity

After verification procedure is done by blockchain it moves to findbest secure path through parallel network for completing the transaction.

6.3.1. Check network congestionFor doing the network congestion checking, here K –nearest neigh-

bour is applied first to calculate Euclidian distances between source node(block)Si ¼ 1, to all other nodes; here we define asF ¼ fF1;F2;F3:::Fj1g.After that, top five (K) nodes make a group along with all calculateddistances. From this top five node distances, the smallest distance isselected for next procedure but here we need to check that either theselected path is congestion free or not, if it gets congestion then accordingto Algorithm 3, it changes the smallest path and select next minimumvalue from that top five (Veres and Boda, 2000).

6.3.2. Check trust valueIn blockchain, it is accepted that every block or nodes are similarly

doubtful and their nature toward decision-making procedure is exclu-sively depend on the proof-of- interoperability. For more detail, everynodeX, Trust∞ResourcesðXÞselects the node's weightiness in votes. Some ofthe attacks oblige the system unnecessary energy drainage and systemwith high-latency. In proof-of- interoperability is used to find which nodeis coming with decant and minimum resources in the organisation; thoseare taken less likely to fraud. So here also we state a parameter tocalculate trust based on node behaviour. Some predefine values are set todefine a good behaviour of a node. Evenly, as it is for a binary randomvariable, the predictable rate is just the probability. Approximate prob-ability is done by calculating the quantity of good and bad activitiestaken by the nodes, then by the sigmoid function gets a probability.

TrustðSiÞF ¼ 11þ e�ϑð#good�#badÞ (1)

Algorithm 3Parallel Optimized and Secure Network.


After this calculation, the node gain more weight in network astrusted one and calculate blocks more professionally. Using this methodan IoT based network successfully can resist from various backdoor andman-in-the-middle attacks. This might be helpful while selectingdifferent nodes, according by their trust value, to elect on every block andthen it will judge with equal majority. This system also prevents aparticular node to spare too much influence.

6.4. QoS-parameter aware for cross validation

For validated resource allocation, transmission ratio different type ofQoS parameters used have been for cross validation those are availabil-ity, reliability, elasticity and responsiveness (Roy et al., 2016).

6.4.1. Availability (A)Availability of a system is being active or accessible at a particular

time. Resources and services are needed for parallel network computing.If the resources are available, we can easily check system access condi-tion before and after attacks. Here we will measure system condition interm of resources availability. Suppose a user system has been assaultedby a hacker through man in the middle attack and after that system haslose maximum memory, CPU and other resources. After using the pro-

67

posed framework the system can recover. Nowwewant to show each andevery condition of system using QoS monitor application (Ali et al.,2015). It will help to understand the specific system owner in a bettermanner. The possibility that system is available is specified by Formulae1 and amount of resources wanted to deliver over desire availability isspecified by Formulae 2.

Av ¼ 1� ð1�<Þρ

ρ ¼ ln ð1� AvÞln ð1�<Þ

(2)

Availability lies in the midst of0� A � 1, whereas<andρare signi-fying the available resource and desire resources needed to satisfy theoverall system.

6.4.2. Reliability(Ra)Reliability defines itself by the system capability to perform a work

for specified circumstances within a particular time period. The systemcontains of memory, CPU cores and storages. The reliability of a machinedesires the consistency of these hardware modules. If a single module ismiscarried, then a machine will fail to survive. So, here reliability mea-sures depend on QoS basis of hardware modules of servers used for a


machine or pc as specified in Formula 3.

Ra ¼Ypm¼1

Yqn¼1

1� ð1� Rβi Þn (3)

Reliability lies along with0� Ra � 1, whereasRβi is reliability of m ¼1component from ptypes and n ¼ 1to qepochs certain module used.

6.4.3. Scalability (S)The scalability can be defined at the time when work load crosses the

system capacity or threshold. Here we used AWS services for calculatingthis parameter. It can change scale according to assignment. Imagine, anoperator fixed his threshold at 85% and if after attack resource crosses its

Algorithm 4Decryption Algorithm.

threshold, then a fresh virtual resources is added with the present systemas specified in Eq. (4).

After using proposed framework if system backs to its normal con-dition then extra resources are back to the resource pool.

Rthreshold <Rconsumed

Rallocated(4)

NowRconsumedis the rate of used resource by customer,Rallocated is theentire assigned resource andRthresoldis the threshold rate of exact stock.

6.4.4. Responsiveness (η)Responsiveness is expressed via how rapid an organisation response

after defer to an application. Responsiveness mostly based on the amountof CPU, processing ability along with bandwidth allotted to users.Responsiveness is measured by Eq. (5)

η ¼1�

Z n

i¼1Ti

Tmax(5)

Now0� η � 1specify responsiveness, Tisignifies time of accomplish-ment also submission of ithapplication, Tmaxand signifies maximum

Table 3Some parameter with the expressions.

Parameter name Abbreviation

Ri Random variable used to define any cause has occurred or notpr Recover probability from the ith causeCi ith cause in the list occurredηi The cause of the occursκi The service is not recovered from the cause of the listω Sum of the all listed failuresPar Possibility of IoT service failure after using this approachPbr Probability of IoT service failure without using this approach

68

conventional time to submit an appeal n, is amount of applicationallotted to process and for the used process function is f.

6.5. Decryption

Decryption algorithm is similar to the encryption algorithm. In thatalgorithm, the left shift operation is done in the cloud. The Algorithm 4 isused to decrypt the sensor data which are received. LeftShift(char, no) isthe function in which any given character, is converted to the ASCII valuethen left shift it by some numbers “no”. For example, if we perform(PLFUR, 3) then it will give usMICRO. After taking the character, it willconvert to the ASCII value of that character and then shift. In theexample, 3-bit left shifting is performed.

7. Risk modelling

7.1. Risk analysis

Various constraint are obligatory for developing the model for riskreduction, are represent in Table 3 with their abbreviations.

There are numerous existing restoration mechanisms related to everysystem failure. The parameter table associated with this risk modelling isshown in Table 2. It is considered that a service hampers due to any causeor an interrupt namely attack if that cause has appeared during providingIoT services to the customers.

Definition 1. Risk occurrence in IoT

Riis a random variable which is define in Eq. (1). The value of therandom variable may be 1 when any cause in list occurred with havingsome probability otherwise Riwould be 0.

Ri ¼ 1ðCithcause OccouredÞ = � with probability Pi�=¼ 0ðCithcausedidnot OccuredÞ = � with probability ð1� PiÞ�=

(6)

Where 0 < Pi < 1withi ¼ i1:::i2valuePðRi ¼ 1Þ¼ Pi; 8Pi 2 P; It is foundthat the foundation of the Ri follows the Bernoulli's Distributionwith PiIwhich signifies the probability of occurrence of the Ci

th cause in the list. Itis assumed that, all the causes are occurred independently thenRi is in-dependent distributed. If it occurs then it leads to the IoT servicebreakdown.

Definition 2. Recovery from the risks in IoT

Lots of recovery mechanisms present to prevent attacks (Makhdoomet al., 2019; Lin et al., 2018). Most of the IoT service failures occur due tothe offensive performance of recovery function. We considerpras recov-ery probability from the Ci

th cause in the list which is mathematicallydefined in Eq. (2).


P Recover fromCthi ¼ Pr

P�Notreccover fromCth

� ¼ ð1� PrÞ (7)
� �
i

Definition 3. IoT service failure for risk

The probability of the IoT service failure from that Cthi cause¼

Pðηi �κiÞ where ηiis the cause of the Cthi occurs andκiis that the service is

not recovered from the Cthi cause of the list. Eq. (3) represents that the

reasons of the Cthi occur, but the service is not recovered from the Cth

i causeof the list. Now from the theory of the conditional probability we get,

Pðηi � κiÞ ¼ PðκiÞ � PðηijκiÞ¼ ð1� PrÞ � Pi;8Pi 2 P

(8)

Analysis 1. IoT service failure for the identified risks

Here we consider a random variable ξi as the Bernoulli distributionvariable which indicates the values of ξiwill be 1 if the service is a failurefrom the Cth

i cause in Eq. (4).

ξi ¼ 1 = � with having probabilityð1� PrÞ � Pi*=¼ 0 = � with having probability½1� fð1� PrÞ � Pig�; 8Pi 2 P

(9)

Now we calculate the sum of the all listed failures which are conse-quences of the listed threats before using this approach, which is denotedby the variableωbefore. ωbeforeis calculated by adding all the ξivalue which isnothing but the sum of all the failures.

ωbefore ¼X12i¼1

ξi (10)

The value of ωbefore can vary between 0to12. We know the value ofωbeforefrom Eq. (5) and use it to find service failure from any cause beforeusing this approach. The probability of the IoT service failure from anylisted causes is calculated by using Eq. (6).

P�ωbefore > 0

� ¼ 1� P�ωbefore ¼ 0

�

¼Y12i¼1

ð1� PrÞ � Pi; 8Pi 2 P(11)

The probabilities of Pi and Pr are to be estimated, in which Pi can be

Fig. 9. Experiment setup for collecting sensor data, uplo

69

easily found out by using the Poisson distribution model to the obtaineddata of the failures and every cause is fitted as the Poisson variable.Variable Prcan be calculated by using the normal approximation of thefailures.

Analysis 2. IoT service failure after using this approach

After using this approach, we try to mitigate the man in the middleattack from the IoT services. 11 different causes have remained for whichIoT service may fail. In Eq. (7), we calculate the sum of the all listedfailures after using this approach by the variable ωbeforewith the help ofEq. (4).

ωbefore ¼X11i¼1

ξi (12)

Now the value of ωbeforecan take values as 0; 1; ::::;11. The probabilityof the IoT service failure from any cause after using this approach iscalculated by using Eq. (6). The probabilities of P'

i and P'r are to be esti-

mated, where P'i can be easily found out by using the Poisson distribution

model andP'rcan be calculated by using the normal approximation. The

probability of the IoT service failure from after using our approach isshown in Eq. (8).

P�ωafter > 0

�¼ 1� P�ωafter ¼ 0

�

¼Y11i¼1

�1�P'

r

�� P'i;8P'

i 2 P' (13)

7.2. Risk reduction

Proposition 1. Risk reduction after using the proposed approach

Relative risk measures how much risk is reduced by using ourexperimental approach compared to the typical existing approach.Ridenotes the probability of IoT service failure after using proposedapproach and Ri indicates the probability of IoT service failure withoutusing proposed method. Riis calculated by using Eq. (8) and Ri is calcu-lated by using Eq. (6). The relative risk reduction is calculated by usingthese two equations. The formula of relative risk reduction is shown in

ad and monitoring via QoS monitoring application.


Eq. (9). Relative risk reduced by our approach is formulated by thefollowing:

Related Risk Reduction ¼ Pbr � Par

Pbr(14)

Now we calculate the relative risk reduction by subtracting Eq. (8)and Eq. (6). And divide the result by Eq. (6). Relative risk reduction isformulated by Eq. (10).

Related Risk Reduction ¼ P�ω>0

�� P�ωafter > 0

�P�ω>0

�

¼ 1� P�ωafter > 0

�P�ω>0

�

¼ 1�

Y11i¼1

�1� P'

r

�� P'

Y12i¼1

ð1� PrÞ � Pi

(15)

Here we assumed that all the causes’ occurrences are not dependenton each other. Some further study can be done on the interdependence ofthose causes. This analysis has to be done by the MQTT broker. Everyservice has differentPðω > 0Þ values which are considered as vulnera-bility quotient of that service.

8. Experimental setup

Phase 1. Sensor data fetch and upload

It is revealed that among all attacks, the man in the middle attack isthe maximum damaging in the IoT layers while exchanging data betweenthe users and providers (Lee and Lee, 2017). In Fig. 9, the block diagramof the experimental setup has been proposed for demonstration ourencryption and decryption algorithm. Some basic sensors like heatsensor, temperature sensor, humidity and light sensor have been used totake data from the environment, and after that, the sensed data are sentto the Arduino UNO. After processing those data, Arduino UNO sendsthose data to Raspberry Pi 3 for storing them within a file. Next, the datafile has been transferred to the cloud server for further processing by

Fig. 10. (a)View mining after and before transac

70

using the MQTT protocol with QoS level 2. A virtual private network(VPN) has been utilised for this whole experimental setup. The publiccloud servers have been used for back up.

To accomplish the experiment a four pins temperature sensor withhaving accuracy level plus/minus 2 C and three pins heat sensor areused to sense and collect data from lab environment. Both the sensor hasthe working voltage of 5 V. For the experiment, the Arduino Uno is used,which is nothing but a microcontroller board based on the ATmega 328,having 6 Analog input pins, 14 digital I/O pins, a power jack, a USBconnection, a reset button and a 16MHz resonator. Sensors are placedaccording to the block diagram of the experiment with proper connec-tivity and power. Raspberry Pi 3 is a powerful credit-card sized singleboard computer can be used for several applications and have the abilityto run multiple programs at a time. It has USB connection port, storagespace, and an operating system. Comparing to Arduino Uno, it has morestorage and processing capabilities. Amazon Web Services and Open-Stack acted as a public and private cloud respectively. All the data arestored in the database of the AWS cloud provider. The AWS Cloud pro-vides us with a set of infrastructure services, such as storage options,databases, computing power, and networking options. OpenStack is acloud that controls large pools of storage, compute, and networking re-sources throughout a data centre. All tasks are managed through adashboard with the help of a web interface that gives administrators tomanage those resources. To publish the collected real time IoT data hereMQTT protocol has used.

Phase 2. Blockchain Implementation using MQTT

In this section, a basic demo blockchain server and a blockchain clientusing Python are implemented. This proposed blockchain framework isensuring these features: transactions of real time encrypted IoT datausing RSA encryption technique, simple conflict resolution betweenconnected active IoT nodes from the lightning network, opportunity ofadding numerous IoT nodes to the blockchain, proof of work (PoW).Blockchain client ensuring some features are: wallets generation for IoTdata handling by Public/Private key encryption, making transactionsbetween active IoT blocks with encryption. We will also perform twodashboards: one for mining the blocks using created hash named asblockchain frontend for miners. Other one is for the users named asblockchain client. Using this dashboard customers are able to producewallets for IoT data storing purpose and they can make their secure

tion. (b)View configuration of mining block.

Fig. 11. a before Key pair generation in client portal. Fig. 11b. After Key pair generation in client portal. Fig. 11c. Make transaction using generated Key pair. Fig. 11d.After transaction to view.


transaction. Jupyter notebook is used for blockchain based IoT datawallet generation and to make encrypted transaction. To design thedashboards we have used HTML, CSS.

8.1. Blockchain Implementation for miner

From terminal, to create an active blockchain IoT node first have to gothe blockchain folder, and compile blockchain_client or along with

71

-p< PORT NUMBER>, the default to port 5000. In browser, set http://localhost:<PORT NUMBER> to see the blockchain frontend dash-board. The dashboard contain two tabs in the navigation bar:

� Mine: To view IoT data transactions and data along with to mine newIoT blocks.

� Configure: To establish connections among the different blockchainnodes.

http://localhost

http://localhost

Fig. 11. (continued).


The blockchain class having some attributes are described in Fig. 10aand Fig. 10b. The attributes are: transactions means the list of active IoTdata transactions which will added with the next block; Chain is an arrayof blocks present in proposed IoT blockchain; node defies a set holdingnode of URL to access the particular IoT block. Here blockchain is usedfor these nodes to retrieve data from other nodes and updates if they're

72

not in sync lastly having the node_id, and the hash. To recognise the IoTblockchain nodes a random string is introduced.

8.2. Blockchain client implementation

From terminal, to start the proposed IoT blockchain client dashboard,


first have to go to the blockchain_client folder, and compile the block-chain_client Python script. In browser have to write http://localhost:8080 and dashboard will run like Fig. 11. The dashboard containthree tabs in the navigation bar which are shown in Fig. 11a and Fig. 11b,c, Fig. 11d.

� Wallet Generator: To generate wallets for secure IoT data trans-action, a pair of keys are being generated as Public and Private keyusing encryption algorithm

Fig. 13. a. Reliability checking of resource before and after attack. Fig. 13b. Responsof resource before and after attack.

Fig. 12. a. Login page of QoS application. Fig. 12b. QoS available option

73

� Make Transaction: To produce IoT data transactions and send it toan active block of the network.

� View Transactions: For checking the committed transactions thatare made on.

In order to make or view transactions, at least one IoT block nodemust be running. A python class has defined for blockchain basedtransaction attributes. They are sender_address, sender_private_key,recipient_address, and value. These information are obligatory to asender to generate the IoT data transaction.

ibility checking of resource before and after attack. Fig. 13c. Scalability checking

s. Fig. 12c. Availability checking of resource before and after attack.

http://localhost:8080

http://localhost:8080

Fig. 14. Experiment result as temperature data is fetch.

Fig. 15. Graphical relation between heat index and time.


Phase 3. Quality of Services Checking Using Mobile Application.

For quality of service checking phase, we develop a small androidapplication namely QoS monitor for better desired service. According theobjective to develop a convinced system, a small experiment is done withsome attack like man in the middle attack, backdoor attack are injectedusing python through kali tools. After terminate the attack, operatingsystem has used 90% of CPU utilization, cache memory was full and someresources also nearly damaged. Where Fig. 12a and Fig. 12b show thelogin page and all the options are provided by the prototype mobileapplication. Options are namely availability, reliability, responsibilityand scalability. Figs. 12c–13c depict the availability, reliability, re-sponsibility and scalability respectively.

Therefore a time period is nessesary by the QoS assurance applica-tion, to check avilibility of the resources, system responsibility, relibilityand scalability. After chacking the strength of desired QoS parameters,we repeate this attacking procedure once again on our encryption-decryption algorithm to find the changes onthe system. After andbefore using same attack on our method gain the availability, re-sponsibility, scalability and reliability is recorded with the help ofdeveloped mobile application. Those scanpshoots are given for betterunderstanding.

9. Result and discussion

According to the proposed experiment scenario which has alreadyintroduced in section 6 with its set up, is finally explored with thegenerated graphs. Arduino Uno collects sensor data from the environ-ment and sent those data to Raspberry Pi 3 by usingMQTT broker to storeand analysis those data. More than one Arduino Uno can send the envi-ronmental data to a single Raspberry Pi at the same time. After that,Raspberry Pi 3 sends those data to cloud server with the help of cloudbroker. With the installed mobile application we can monitor thosesensor data by our smart phone.

Sample temperature, humidity and heat measurements are indexed inTable 4. The MQTT broker sends those sensor data to Raspberry Pi 3which is shown in Fig. 14. In Fig. 15 the heat index graph is shown withrespect to time. Further, these collected sensor data has used in the dis-cussion part of the experiment. Comparison between the proposedmethod with the existing brokering models are presented in Table 5.

In Fig. 16 and Fig. 17, the light sensor and tampered light sensor dataare shown. The deviation of the curve is happened due to the man in themiddle attack is done by fabricated emulation intentionally, using KaliLinux and its tools.

Here we discuss case wise solution according to our experiment ofdifferent type of attacks. For this list Man in theMiddle attack comes first.Problem and its solutions using our proposed algorithm are discussed.

Table 4Showing resultant sensor data after experiment is done.

Humidity Temperature Heat index

56.00 26.00 26.7855.00 26.00 26.0854.00 26.00 26.0753.00 26.00 26.0453.00 26.00 26.0152.00 26.00 26.0051.00 26.00 25.9850.00 26.00 25.9850.00 26.00 25.8849.00 25.00 24.0949.00 25.00 24.0849.00 25.00 24.0649.00 25.00 24.0949.00 25.00 24.0249.00 25.00 24.00

74

9.1. Case 1: man in the middle attack using Kali Linux and its tools

For demonstration purpose, man in the middle attack is done by ourside intentionally, using Kali Linux and its tools. Initially temperature andlight sensor data are shown as normal in Fig. 18 but after attack has donesome deviation of the curve has happened. In Fig. 19, the temperaturesensor data is processed by using our proposed algorithm and no devia-tion of the curve is visible; from which we can say that no man in themiddle attack takes place. Equation (14) shows that some risk has beenreduced by our approach.

9.2. Case 2: backdoor attack

For demonstration purpose, we consider application layer based httpflood attack (backdoor attack) by our side intentionally, using Python.First time 20 packets per second were sent to the targeted IP addressusing http protocol for 12min (with an interval of 1 min) and noted theend-to-end delay. Next we sent 50, 110 and 150 packets and noted theend-to-end delay respectively, but for the 150 packet set the targetedsystem was crashed (system turned-off) because of memory exhaust.Initially temperature and light sensor data are shown as normal but afterattack had done deviation of the curve is happened are shown in Figs. 18and 19. In Fig. 20 and Fig. 21, the temperature sensor data is processed byusing our proposed algorithm and no deviation of the curve is visible,from that we can say that no man in the middle attack took place.Equation (14) shows that some risk has been reduced by our approach.We also recorded the CPU utilization of the targeted system before andafter attack.

Table 5Comparison of proposed method with the existing brokering models.

Properties A QoS broker for hybrid cloud BSeIn: A blockchain-based secure mutualauthentication with fine-grained access control systemfor industry 4.0

Our strategies

Contribution Focus on security consideration forIoT from the perspective of cloudcomputing paradigm.

Develop a theoretical blockchain-based system namelyBSeIn, for distant mutual verification for fine-grained,suitable for Industry 4.0 placements.

This article forecasts the security issues solve usingblockchain associated with trust based congestioncontrol QoS monitoring system to get secure system.

Applied Hashfunction forSecurity

X ✓ ✓

Recover system afterattack

X X ✓

Trust calculation X X ✓

QoS parametercalculation

✓ X ✓

Risk Modelling X X ✓

Use MAC,CL-MRE forprotection

✓ ✓ X

Risk Identification&Reduction

X X ✓

Case Study Of Attacks X X ✓


The intension is to apply attack on system is, first to check either thisencryption decryption algorithm is sustain or able to work after getattacked. Second, using QoS parameter check the network condition;either after attack availability, reliability, responsibility, scalability andsecurity is functioning properly or not. If condition is true then proposed

Fig. 16. Experiment result as light sensor data.

Fig. 17. Experiment result as tampered sensor data.

75

algorithm and procedure is correct for entire system. As a demo, block-chain was implemented, from that we made transaction and accordingwith that a graphical representation is obtained. Fig. 22 shows totalnumber of transitions with respect of time and Fig. 23 shows confirmtransactions per day made by using developed blockchain security.

We used python and Kali as an emulating interface. We implementedthe man-in-the-middle attack so many times to affect QoS parameters(specifically availability and reliability) to show the results. In

Fig. 18. Light Sensor Data before Man in the Middle attack has done.

Fig. 19. Light Sensor Data after Man in the Middle Attack has done.


availability we will check CPU usage after attack and attack after applyproposed method. In Fig. 24 and Fig. 25, the CPU usage and availableresources in graphical way are shown.

We can see that three scenario more CPU has utilised after attack andrespectively less usage and more resource is available after applyingproposed algorithm. In Fig. 27, availability and reliability (R) areworking vies-versa. After calculating availability of resource it is provedthat QoS parameter is compulsory and we can recover a system afterattack through analysis of some QoS parameters.

Fig. 26 shows comparison of end-to-end delay during normal trans-mission applying MITM and BACKDOOR attacks. Reliability, re-sponsibility and scalability are done using AWS instants and resourcesearlier (Huh et al., 2017; Lin et al., 2018), however we have done withdifferent reliability of system constituents are; CPU, RAM and storage.

Fig. 20. Temperature data before attack.

Fig. 21. Temperature data after attack.

Fig. 22. Total number of transaction done in demo blockchain.

76

We can notice that proposed blockchain based QoS assessment acquiresup to 97.64% system utilization; 100% on RAM and 78.7% on storagerecovery.

10. Conclusion

Risk analysis and risk management are the foremost concerns in thegrowth of internet of things paradigm. As variety of vital information

Fig. 25. Available resources after attack.

Fig. 24. CPU utilization after attack.

Fig. 23. Calculate number of valid transaction done in demo blockchain.

Fig. 26. Compare end-to-end transmission delay.

Fig. 27. Overall reliability calculated after recover system based on CPU utili-zation, cache status and storage.


from the environment are collected through billons of sensor facilitatedsmall devices. The main goal of this paper is to provide a complete so-lution over IoT related attacks. Risk identification along with risks pre-vention using encryption and decryption algorithm and mainly use ofblockchain is done here for IoT services. In this article we have createdsynchronization between risks and resources. Identification of the risksand solution are discussed here. We have performed risk analysis and riskmodelling in IoT layer also demonstrated the mechanism of preventingman in the middle attack, backdoor attack in IoT using blockchain. Anexperimental analysis of the proposed approach has been performed. Byusing MQTT protocol and virtual private network, the man in the middleattack is prevented successfully. The proposed approach reduces therelative risk along with monitoring section is done by QoS mobileapplication of 97.64% system utilization, 100% on RAM and 78.7% onstorage recovery. This application provides the system condition beforeand after attack which is really need to recover a system of the IoTprototype. The field of IoT requires massive research effort to tackle thesecurity challenges, but it can provide economic, professional and per-sonal benefits in the future. Thus we can conclude that our approachmakes the Internet of things paradigm more secure by reducing the risksof attack as well as by recovering the system even after the attack.

References

Abie, H., Balasingham, I., 2012, February. Risk-based adaptive security for smart IoT ineHealth. In: Proceedings of the 7th International Conference on Body Area Networks.ICST (Institute for Computer Sciences, Social-Informatics and TelecommunicationsEngineering), pp. 269–275.

77

Ali, M., Khan, S.U., Vasilakos, A.V., 2015. Security in cloud computing: opportunities andchallenges. Inf. Sci. 305, 357–383.

Andersen, M.P., Fierro, G., Culler, D.E., 2017. Enabling synergy in iot: platform to serviceand beyond. J. Netw. Comput. Appl. 81, 96–110.

Arunkumar, S., Soyluoglu, B., Sensoy, M., Srivatsa, M., Rajarajan, M., 2017. Locationattestation and access control for mobile devices using GeoXACML. J. Netw. Comput.Appl. 80, 181–188.

Aslam, S., ul Islam, S., Khan, A., Ahmed, M., Akhundzada, A., Khan, M.K., 2017.Information collection centric techniques for cloud resource management: taxonomy,analysis and challenges. J. Netw. Comput. Appl. 100, 80–94.

Cai, H., Da Xu, L., Xu, B., Xie, C., Qin, S., Jiang, L., 2014. IoT-based configurableinformation service platform for product lifecycle management. IEEE Transactions onIndustrial Informatics 10 (2), 1558–1567.

Choi, B.C., Lee, S.H., Na, J.C., Lee, J.H., 2016. Secure firmware validation and update forconsumer devices in home networking. IEEE Trans. Consum. Electron. 62 (1), 39–44.

Clifton, Chris, Kantarcio_glu, Murat, Doan, AnHai, Gunther, Schadow, Vaidya, Jaideep,Ahmed, Elmagarmid, Dan, Suciu, 2004. Privacy-preserving data integration andsharing. In: Proceedings of the 9th ACM SIGMOD Workshop on Research Issues inData Mining and Knowledge Discovery. ACM, pp. 19–26.

Ferrag, M.A., Maglaras, L., Argyriou, A., Kosmanos, D., Janicke, H., 2018. Security for 4Gand 5G cellular networks: a survey of existing authentication and privacy-preservingschemes. J. Netw. Comput. Appl. 101, 55–82.

Gai, K., Qiu, M., Sun, X., 2018. A survey on FinTech. J. Netw. Comput. Appl. 103,262–273.

Gramoli, V., 2017. From blockchain consensus back to byzantine consensus. FutureGener. Comput. Syst.

Huh, S., Cho, S., Kim, S., 2017, February. Managing IoT devices using blockchainplatform. In: 2017 19th International Conference on Advanced CommunicationTechnology (ICACT). IEEE, pp. 464–467.

Kim, E., Chung, K., Jeong, T., 2017, October. Self-certifying ID based trustworthynetworking system for IoT smart service domain. In: 2017 International Conferenceon Information and Communication Technology Convergence (ICTC). IEEE,pp. 1299–1301.

Kshetri, N., 2017. Can blockchain strengthen the internet of things? IT professional 19(4), 68–72.

Lazarenko, Aleksandr, Avdoshin, Sergey, 2018. Financial risks of the blockchain industry:a survey of cyberattacks. In: Proceedings of the Future Technologies Conference.Springer, Cham.

Lee, B., Lee, J.H., 2017. Blockchain-based secure firmware update for embedded devicesin an Internet of Things environment. J. Supercomput. 73 (3), 1152–1167.

Lee, B., Malik, S., Wi, S., Lee, J.H., 2016, July. Firmware verification of embedded devicesbased on a blockchain. In: International Conference on Heterogeneous Networkingfor Quality, Reliability, Security and Robustness. Springer, Cham, pp. 52–61.

Lin, I.C., Liao, T.C., 2017. A survey of blockchain security issues and challenges. IJNetwork Security 19 (5), 653–659.

Lin, C., He, D., Huang, X., Choo, K.K.R., Vasilakos, A.V., 2018. BSeIn: a blockchain-basedsecure mutual authentication with fine-grained access control system for industry4.0. J. Netw. Comput. Appl. 116, 42–52.

Makhdoom, I., Abolhasan, M., Abbas, H., Ni, W., 1 January 2019. Blockchain's adoptionin IoT: the challenges, and a way forward. J. Netw. Comput. Appl. 125, 251–279.

Mingxiao, D., Xiaofeng, M., Zhe, Z., Xiangwei, W., Qijun, C., 2017, October. A review onconsensus algorithm of blockchain. In: 2017 IEEE International Conference onSystems, Man, and Cybernetics (SMC). IEEE, pp. 2567–2572.

Pavithra, D., Balakrishnan, R., 2015, April. IoT based monitoring and control system forhome automation. In: 2015 Global Conference on Communication Technologies(GCCT). IEEE, pp. 169–173.

Peterson, K., Deeduvanu, R., Kanjamala, P., Boles, K., 2016. A blockchain-based approachto health information exchange networks. In Proc. NIST Workshop BlockchainHealthcare 1, 1–10.

Roman, R., Zhou, J., Lopez, J., 2013. On the features and challenges of security andprivacy in distributed internet of things. Comput. Network. 57 (10), 2266–2279.

Roy, D.G., De, D., Alam, M.M., Chattopadhyay, S., 2016, March. Multi-cloud scenariobased QoS enhancing virtual resource brokering. In: 2016 3rd InternationalConference on Recent Advances in Information Technology (RAIT). IEEE,pp. 576–581.

Roy, D.G., Mahato, B., De, D., Buyya, R., 2018. Application-aware end-to-end delay andmessage loss estimation in Internet of Things (IoT)—MQTT-SN protocols. FutureGener. Comput. Syst. 89, 300–316.

Tuli, S., Mahmud, R., Tuli, S., Buyya, R., August 2019. FogBus: a blockchain-basedlightweight framework for edge and fog computing. J. Syst. Softw. 154, 22–36.

Veres, A., Boda, M., 2000, March. The chaotic nature of TCP congestion control. In:Proceedings IEEE INFOCOM 2000. Conference on Computer Communications.Nineteenth Annual Joint Conference of the IEEE Computer and CommunicationsSocieties (Cat. No. 00CH37064), vol. 3. IEEE, pp. 1715–1723.

Walker, J., Pan, E., Johnston, D., Adler-Milstein, J., Bates, D.W., Middleton, B., 2005. TheValue of Health Care Information Exchange and Interoperability: there is a businesscase to be made for spending money on a fully standardized nationwide system.Health Aff. 24 (Suppl. 1), W5–W10.

Yang, C., Chen, X., andXiang, Y., 2018. Blockchain-based publicly verifiable data deletionscheme for cloud storage. J. Netw. Comput. Appl. 103, 185–193.

http://refhub.elsevier.com/S1084-8045(19)30219-X/sref1


















































































































Zhang, Y., Wen, J., 2017. The IoT electric business model: using blockchain technologyfor the internet of things. Peer-to-Peer Networking and Applications 10 (4), 983–994.

Zhang, Y., Deng, R.H., Han, G., Zheng, D., 2018. Secure smart health with privacy-awareaggregate authentication and access control in Internet of Things. J. Netw. Comput.Appl. 123, 89–100.

Zyskind, G., Nathan, O., 2015, May. Decentralizing privacy: using blockchain to protectpersonal data. In: 2015 IEEE Security and Privacy Workshops. IEEE, pp. 180–184.

Deepsubhra Guha Roy is currently pursuing his Ph.D in thefield of Internet of Things. He is the founder developer of Centreof Mobile Cloud Computing. His research area is QoSimprovement in mobile cloud computing towards IoT. Hisemail id: [email protected]

Puja Das is currently pursuing her Ph.D in the field of Internetof Things. Her research area is QoS provisioning in Intelligenceand Secure healthcare system for IoT. Her email id: [email protected]

78

Dr. Debashis De (M′13-SM′15) is a Professor of the Depart-ment of Computer Science and Engineering of Maulana AbulKalam Azad University of Technology, India and AdjunctResearch Fellow of University of Western Australia, Australia.His research area includes energy and latency optimization inmobile cloud computing. He has received Young Scientistaward both in 2005 at New Delhi and in 2011 at Istanbul fromInternational Union of Radio Science, H. Q., Belgium. His emailid: [email protected].

Rajkumar Buyya is a Redmond Barry Distinguished Professorand Director of the Cloud Computing and Distributed Systems(CLOUDS) Laboratory at the University of Melbourne,Australia. He is also serving as the founding CEO of Manjrasoft,a spin-off company of the University, commercializing its in-novations in Cloud Computing. He has authored over 625publications and seven text books including ”Mastering CloudComputing” published by McGraw Hill, China Machine Press,and Morgan Kaufmann for Indian, Chinese and internationalmarkets respectively. Dr. Buyya is recognized as a ”Web ofScience Highly Cited Researcher” in 2016 and 2017 by Thom-son Reuters, a Fellow of IEEE, and Scopus Researcher of theYear 2017 with Excellence in Innovative Research Award byElsevier for his outstanding contributions to Cloud computing.For further information on Dr.Buyya, please visit his cyber-
home: www.buyya.com.














http://www.buyya.com

journal of network and computer applications · indeed, blockchain also play a superior role for...

Documents